
DOP-C02 Exam - Question 228


A DevOps team has created a Custom Lambda rule in AWS Config. The rule monitors Amazon Elastic Container Repository (Amazon ECR) policy statements for ecr:* actions. When a noncompliant repository is detected, Amazon EventBridge uses Amazon Simple Notification Service (Amazon SNS) to route the notification to a security team.

When the custom AWS Config rule is evaluated, the AWS Lambda function fails to run.

Which solution will resolve the issue?

Correct Answer: A

To resolve the issue where the AWS Lambda function fails to run when the custom AWS Config rule is evaluated, the Lambda function's resource policy needs to be modified to grant AWS Config permission to invoke the function. This allows AWS Config to trigger the Lambda function properly as part of its rule evaluation.
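An added example (not part of the original page and not AWS code): a Python check that reads a Lambda resource policy and reports whether it lets config.amazonaws.com invoke the function, and whether that grant is pinned to one account through an AWS:SourceAccount condition. The function ARN, account ID and sample policies are constructed; Deny statements and wildcard principals are not evaluated.

```python
import json
from fnmatch import fnmatchcase

CONFIG_PRINCIPAL = "config.amazonaws.com"
# Constructed sample values, not taken from the page.
ACCOUNT = "111122223333"
FUNC_ARN = f"arn:aws:lambda:us-east-1:{ACCOUNT}:function:ecr-policy-check"

def _as_list(value):
    """IAM policy fields may hold one string or a list of strings."""
    return value if isinstance(value, list) else [value]

def audit_config_invoke(policy_json, function_arn, account_id):
    """Return (allowed, scoped): may AWS Config invoke function_arn, and is
    every such grant restricted to account_id via AWS:SourceAccount?"""
    allowed, scoped = False, True
    for stmt in _as_list(json.loads(policy_json).get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        services = _as_list(principal.get("Service", [])) if isinstance(principal, dict) else []
        if CONFIG_PRINCIPAL not in services:
            continue
        # IAM action names are case-insensitive and may contain wildcards.
        actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
        if not any(fnmatchcase("lambda:invokefunction", a) for a in actions):
            continue
        if not any(fnmatchcase(function_arn, r) for r in _as_list(stmt.get("Resource", []))):
            continue
        allowed = True
        cond = stmt.get("Condition", {}).get("StringEquals", {})
        keys = {k.lower(): v for k, v in cond.items()}
        if account_id not in _as_list(keys.get("aws:sourceaccount", [])):
            scoped = False  # any account's AWS Config could be the caller
    return allowed, allowed and scoped

def _policy(service, condition=None):
    """Build a constructed one-statement resource policy for the demo."""
    stmt = {"Effect": "Allow", "Principal": {"Service": service},
            "Action": "lambda:InvokeFunction", "Resource": FUNC_ARN}
    if condition:
        stmt["Condition"] = condition
    return json.dumps({"Version": "2012-10-17", "Statement": [stmt]})

MISSING = _policy("events.amazonaws.com")   # Config cannot invoke: rule evaluation fails
UNSCOPED = _policy(CONFIG_PRINCIPAL)        # works, but has no source-account condition
SCOPED = _policy(CONFIG_PRINCIPAL, {"StringEquals": {"AWS:SourceAccount": ACCOUNT}})

if __name__ == "__main__":
    for name, doc in [("missing", MISSING), ("unscoped", UNSCOPED), ("scoped", SCOPED)]:
        print(name, audit_config_invoke(doc, FUNC_ARN, ACCOUNT))
```

A result of `(True, False)` means the invoke permission exists but should be tightened with a source-account condition so only the intended account's AWS Config can trigger the function.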

Discussion

3 comments
tgv
Jul 15, 2024

---> A

amehim
Jul 21, 2024

A. Modify the Lambda function's resource policy to grant AWS Config permission to invoke the function.

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Principal": { "Service": "config.amazonaws.com" },
          "Action": "lambda:InvokeFunction",
          "Resource": "arn:aws:lambda:region:account-id:function:function-name"
        }
      ]
    }

d9iceguy (Option: A)
Jul 22, 2024

Resource policy should allow Config invocation